Merge pull request #25 from NoRelect/fix/remove-hardcoded-values

Remove hardcoded configuration values
2024-01-20 20:51:50 +01:00 · 2024-01-20 20:51:50 +01:00 · 6833d236df
commit 6833d236df
parent 512058a68d d4c6624e99
2 changed files with 13 additions and 7 deletions
--- a/fuzz_runner/src/nyx/params.rs
+++ b/fuzz_runner/src/nyx/params.rs
@ -1,3 +1,4 @@
+use std::time::Duration;
 use crate::{config::{Config, FuzzRunnerConfig, QemuNyxRole}, QemuProcess};

 pub struct QemuParams {
@ -15,6 +16,7 @@ pub struct QemuParams {
    pub hprintf_fd: Option<i32>,

    pub aux_buffer_size: usize,
+    pub time_limit: Duration,
 }

 impl QemuParams {
@ -46,7 +48,7 @@ impl QemuParams {
            FuzzRunnerConfig::QemuSnapshot(x) => {
                cmd.push(x.qemu_binary.to_string());
                cmd.push("-drive".to_string());
-                cmd.push(format!("file={},format=raw,index=0,media=disk", x.hda.to_string()));
+                cmd.push(format!("file={},index=0,media=disk", x.hda.to_string()));
            },
        }

@ -148,8 +150,11 @@ impl QemuParams {
                    match fuzzer_config.runtime.process_role() {
                        QemuNyxRole::StandAlone => {
                            cmd.push("-fast_vm_reload".to_string());
-                            cmd.push(format!("path={}/snapshot/,load=off,pre_path={},skip_serialization=on", workdir, x.presnapshot));
-
+                            if x.presnapshot.is_empty() {
+                                cmd.push(format!("path={}/snapshot/,load=off,skip_serialization=on", workdir));
+                            } else {
+                                cmd.push(format!("path={}/snapshot/,load=off,pre_path={},skip_serialization=on", workdir, x.presnapshot));
+                            }
                        },
                        QemuNyxRole::Parent => {
                            cmd.push("-fast_vm_reload".to_string());
@ -191,6 +196,7 @@ impl QemuParams {
            cow_primary_size: fuzzer_config.fuzz.cow_primary_size,
            hprintf_fd: fuzzer_config.runtime.hprintf_fd(),
            aux_buffer_size: fuzzer_config.runtime.aux_buffer_size(),
+            time_limit: fuzzer_config.fuzz.time_limit
        }
    }

--- a/fuzz_runner/src/nyx/qemu_process.rs
+++ b/fuzz_runner/src/nyx/qemu_process.rs
@ -205,7 +205,7 @@ impl QemuProcess {
            return Err(format!("cannot launch QEMU-Nyx..."));
        }

-        let mut aux_buffer = {
+        let aux_buffer = {
            let aux_shm_f = OpenOptions::new()
                .read(true)
                .write(true)
@ -295,8 +295,8 @@ impl QemuProcess {
        println!("[!] libnyx: qemu #{} is ready:", params.qemu_id);

        aux_buffer.config.reload_mode = 1;
-        aux_buffer.config.timeout_sec = 0;
-        aux_buffer.config.timeout_usec = 500_000;
+        aux_buffer.config.timeout_sec = params.time_limit.as_secs() as u8;
+        aux_buffer.config.timeout_usec = params.time_limit.subsec_micros();
        aux_buffer.config.changed = 1;

        return Ok(QemuProcess {